

How do I remove the Trojan Trojan.Agent117697.e? [Help request]

正在运行的进程
[PID: 652][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 700][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 768][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 780][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 932][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 996][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1084][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1128][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1212][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1488][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.7801>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7801>
    [C:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\shellex.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\PROGRA~1\ftc\Commenu.dll]  <Fygsoft and Microsoft><3.0.0.63>
[PID: 1644][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1872][C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE]  <Ashmanov & Partners><1.1.50.0>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
[PID: 1896][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
[PID: 2016][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.7801>
[PID: 1172][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1484][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1824][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrchpg.dll]  <Kaspersky Lab><5.0.1.18>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\scrch_ag.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\FSSync.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\pr_rmt.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\ccclient.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\klipc.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\KLUtil.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\rpt.dll]  <Kaspersky Lab><5.0.383.2>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\CCIFACE.dll]  <Kaspersky Lab><5.0.383.1>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prloader.dll]  <Kaspersky Lab><5.0.383.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\prkernel.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\prstring.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_srv.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\pr_clnt.ppl]  <Kaspersky Lab><5.0.383.0>
    [c:\program files\kaspersky lab\kaspersky security suite\kaspersky anti-virus personal\tempfile.ppl]  <Kaspersky Lab><5.0.383.0>
    [C:\WINDOWS\system32\Macromed\Flash\Flash.ocx]  <Macromedia, Inc.><6,0,84,0>
[PID: 512][G:\新建文件夹 (7)\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OEHook.dll]  <Ashmanov & Partners><1.1.50.0>
    [C:\Program Files\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\CatNames.dll]  <Ashmanov & Partners><1.1.50.0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

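I can't see any problems now. Are you noticing anything abnormal?
Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), click "Startup Items", then "Services", then "Win32 Service Applications", tick "Hide Microsoft Services", select the virus service Windows User Mode Driver Framework, choose "Delete Service", click "Set", and choose "No".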

Can't Rising just remove it directly?

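Quote:
[Post by 我无邪] I can't see any problems now. Are you noticing anything abnormal?
Open System Repair Engineer (that is, SREng.exe, the tool you used to produce the scan log), click "Startup Items", then "Services", then "Win32 Service Applications", tick "Hide Microsoft Services", select the virus service Windows User Mode Driver Framework, choose "Delete Service", click "Set", and choose "No".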
………………


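Thank you!!! I have deleted it as you said!! I can't see anything abnormal. CPU usage is normal. Nothing stands out in the processes either. Those problems were all reported by a 木马清道夫 scan. I scanned several times today and nothing was found any more.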